Vulnerabilities > CVE-2018-6964 - Unspecified vulnerability in VMWare Horizon Client

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
vmware
linux
nessus

Summary

VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of SUID binary. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on a Linux machine where Horizon Client is installed.

Vulnerable Configurations

Part Description Count
Application
Vmware
1
OS
Linux
1

Nessus

NASL familyMisc.
NASL idVMWARE_HORIZON_VIEW_CLIENT_VMSA_2018_0014.NASL
descriptionThe version of VMware Horizon View Client installed on the remote host is 4.x prior to 4.8.0. It is, therefore, affected by a privilege escalation vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application
last seen2020-03-21
modified2018-06-01
plugin id110294
published2018-06-01
reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/110294
titleVMware Horizon View Client 4.x < 4.8.0 Privilege Escalation Vulnerability (VMSA-2018-0014)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(110294);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/20");

  script_cve_id("CVE-2018-6964");
  script_bugtraq_id(104315);
  script_xref(name:"VMSA", value:"2018-0014");

  script_name(english:"VMware Horizon View Client 4.x < 4.8.0 Privilege Escalation Vulnerability (VMSA-2018-0014)");
  script_summary(english:"Checks the VMware Horizon View Client version.");

  script_set_attribute(attribute:"synopsis", value:
"A virtualization application installed on the remote host is affected
by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of VMware Horizon View Client installed on the remote host
is 4.x prior to 4.8.0. It is, therefore, affected by a privilege
escalation vulnerability.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2017-0018.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to VMware Horizon View Client 4.8.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-6964");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/05/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:horizon_view_client");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("vmware_horizon_view_client_installed_nix.nbin");
  script_require_keys("installed_sw/VMware Horizon View Client");

  exit(0);
}

include("vcf.inc");

uname = get_kb_item_or_exit("Host/uname");
if ("Linux" >!< uname)
  audit(AUDIT_OS_RELEASE_NOT, "Linux");

app_info = vcf::get_app_info(app:"VMware Horizon View Client");

constraints = [{ "min_version" : "4", "fixed_version" : "4.8.0" }];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);